summaryrefslogtreecommitdiff
path: root/bin
diff options
context:
space:
mode:
Diffstat (limited to 'bin')
-rw-r--r--bin/dnssec/dnssec-signzone.c24
-rw-r--r--bin/named/client.c6
-rw-r--r--bin/named/logconf.c59
-rw-r--r--bin/named/update.c6
-rw-r--r--bin/named/zoneconf.c30
5 files changed, 70 insertions, 55 deletions
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 3ce7a4fbebc4..f2473ae443f2 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.177.18.29 2009-07-21 06:44:32 tbox Exp $ */
+/* $Id: dnssec-signzone.c,v 1.177.18.31 2011-02-27 23:45:14 tbox Exp $ */
/*! \file */
@@ -435,32 +435,32 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
if (!expired)
keep = ISC_TRUE;
} else if (issigningkey(key)) {
- if (!expired && setverifies(name, set, key, &sigrdata))
- {
+ if (!expired && rrsig.originalttl == set->ttl &&
+ setverifies(name, set, key, &sigrdata)) {
vbprintf(2, "\trrsig by %s retained\n", sigstr);
keep = ISC_TRUE;
wassignedby[key->position] = ISC_TRUE;
nowsignedby[key->position] = ISC_TRUE;
} else {
vbprintf(2, "\trrsig by %s dropped - %s\n",
- sigstr,
- expired ? "expired" :
- "failed to verify");
+ sigstr, expired ? "expired" :
+ rrsig.originalttl != set->ttl ?
+ "ttl change" : "failed to verify");
wassignedby[key->position] = ISC_TRUE;
resign = ISC_TRUE;
}
} else if (iszonekey(key)) {
- if (!expired && setverifies(name, set, key, &sigrdata))
- {
+ if (!expired && rrsig.originalttl == set->ttl &&
+ setverifies(name, set, key, &sigrdata)) {
vbprintf(2, "\trrsig by %s retained\n", sigstr);
keep = ISC_TRUE;
wassignedby[key->position] = ISC_TRUE;
nowsignedby[key->position] = ISC_TRUE;
} else {
vbprintf(2, "\trrsig by %s dropped - %s\n",
- sigstr,
- expired ? "expired" :
- "failed to verify");
+ sigstr, expired ? "expired" :
+ rrsig.originalttl != set->ttl ?
+ "ttl change" : "failed to verify");
wassignedby[key->position] = ISC_TRUE;
}
} else if (!expired) {
diff --git a/bin/named/client.c b/bin/named/client.c
index 1f163fb50a0d..b58a660933e7 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.219.18.33 2009-01-19 23:46:14 tbox Exp $ */
+/* $Id: client.c,v 1.219.18.35 2011-05-06 23:45:18 tbox Exp $ */
#include <config.h>
@@ -619,6 +619,7 @@ ns_client_endrequest(ns_client_t *client) {
dns_message_puttemprdataset(client->message, &client->opt);
}
+ client->signer = NULL;
client->udpsize = 512;
client->extflags = 0;
client->ednsversion = -1;
@@ -1934,6 +1935,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
client->next = NULL;
client->shutdown = NULL;
client->shutdown_arg = NULL;
+ client->signer = NULL;
dns_name_init(&client->signername, NULL);
client->mortal = ISC_FALSE;
client->tcpquota = NULL;
diff --git a/bin/named/logconf.c b/bin/named/logconf.c
index 453a98b4456c..a554eab57e64 100644
--- a/bin/named/logconf.c
+++ b/bin/named/logconf.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,12 +15,13 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: logconf.c,v 1.35.18.5 2006-03-02 00:37:21 marka Exp $ */
+/* $Id: logconf.c,v 1.35.18.8 2011-03-06 01:46:22 marka Exp $ */
/*! \file */
#include <config.h>
+#include <isc/file.h>
#include <isc/offset.h>
#include <isc/result.h>
#include <isc/stdio.h>
@@ -130,7 +131,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
}
type = ISC_LOG_TONULL;
-
+
if (fileobj != NULL) {
const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
@@ -140,7 +141,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
isc_offset_t size = 0;
type = ISC_LOG_TOFILE;
-
+
if (versionsobj != NULL && cfg_obj_isuint32(versionsobj))
versions = cfg_obj_asuint32(versionsobj);
if (versionsobj != NULL && cfg_obj_isstring(versionsobj) &&
@@ -219,26 +220,38 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {
FILE *fp;
-
- /*
- * Test that the file can be opened, since isc_log_open()
- * can't effectively report failures when called in
- * isc_log_doit().
- */
- result = isc_stdio_open(dest.file.name, "a", &fp);
- if (result != ISC_R_SUCCESS)
- isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
- NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
- "logging channel '%s' file '%s': %s",
- channelname, dest.file.name,
- isc_result_totext(result));
- else
- (void)isc_stdio_close(fp);
/*
- * Allow named to continue by returning success.
- */
- result = ISC_R_SUCCESS;
+ * Test to make sure that file is a plain file.
+ * Fix defect #22771
+ */
+ result = isc_file_isplainfile(dest.file.name);
+ if (result == ISC_R_SUCCESS ||
+ result == ISC_R_FILENOTFOUND) {
+ /*
+ * Test that the file can be opened, since
+ * isc_log_open() can't effectively report
+ * failures when called in
+ * isc_log_doit().
+ */
+ result = isc_stdio_open(dest.file.name, "a", &fp);
+ if (result != ISC_R_SUCCESS) {
+ syslog(LOG_ERR,
+ "isc_stdio_open '%s' failed: %s",
+ dest.file.name,
+ isc_result_totext(result));
+ fprintf(stderr,
+ "isc_stdio_open '%s' failed: %s",
+ dest.file.name,
+ isc_result_totext(result));
+ } else
+ (void)isc_stdio_close(fp);
+ } else {
+ syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
+ dest.file.name, isc_result_totext(result));
+ fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
+ dest.file.name, isc_result_totext(result));
+ }
}
return (result);
diff --git a/bin/named/update.c b/bin/named/update.c
index da735dd70a2b..e2c78da2c94b 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: update.c,v 1.109.18.33 2009-07-28 15:57:26 marka Exp $ */
+/* $Id: update.c,v 1.109.18.35 2011-03-12 04:56:41 tbox Exp $ */
#include <config.h>
@@ -1549,7 +1549,7 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
{
isc_result_t result;
dns_dbiterator_t *dbit = NULL;
- isc_boolean_t has_nsec;
+ isc_boolean_t has_nsec = ISC_FALSE;
unsigned int wraps = 0;
CHECK(dns_db_createiterator(db, ISC_FALSE, &dbit));
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index be872bed7de0..7ed556fbe292 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zoneconf.c,v 1.110.18.23 2006-05-16 03:39:57 marka Exp $ */
+/* $Id: zoneconf.c,v 1.110.18.25 2011-03-12 04:56:41 tbox Exp $ */
/*% */
@@ -60,7 +60,7 @@
static isc_result_t
configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
const cfg_obj_t *config, const char *aclname,
- cfg_aclconfctx_t *actx, dns_zone_t *zone,
+ cfg_aclconfctx_t *actx, dns_zone_t *zone,
void (*setzacl)(dns_zone_t *, dns_acl_t *),
void (*clearzacl)(dns_zone_t *))
{
@@ -264,11 +264,11 @@ strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp,
char ***argvp, unsigned int n)
{
isc_result_t result;
-
+
/* Discard leading whitespace. */
while (*s == ' ' || *s == '\t')
s++;
-
+
if (*s == '\0') {
/* We have reached the end of the string. */
*argcp = n;
@@ -582,10 +582,10 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
INSIST(result == ISC_R_SUCCESS);
if (cfg_obj_isboolean(obj))
ixfrdiff = cfg_obj_asboolean(obj);
- else if (strcasecmp(cfg_obj_asstring(obj), "master") &&
+ else if (!strcasecmp(cfg_obj_asstring(obj), "master") &&
ztype == dns_zone_master)
ixfrdiff = ISC_TRUE;
- else if (strcasecmp(cfg_obj_asstring(obj), "slave") &&
+ else if (!strcasecmp(cfg_obj_asstring(obj), "slave") &&
ztype == dns_zone_slave)
ixfrdiff = ISC_TRUE;
else
@@ -614,7 +614,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-sibling", &obj);
INSIST(result == ISC_R_SUCCESS);
- dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
cfg_obj_asboolean(obj));
obj = NULL;
@@ -633,7 +633,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
"allow-update", ac, zone,
dns_zone_setupdateacl,
dns_zone_clearupdateacl));
-
+
updateacl = dns_zone_getupdateacl(zone);
if (updateacl != NULL && dns_acl_isinsecure(updateacl))
isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
@@ -641,7 +641,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
"zone '%s' allows updates by IP "
"address, which is insecure",
zname);
-
+
RETERR(configure_zone_ssutable(zoptions, zone));
obj = NULL;
@@ -689,7 +689,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-integrity", &obj);
INSIST(obj != NULL);
- dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
cfg_obj_asboolean(obj));
obj = NULL;
@@ -725,7 +725,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "update-check-ksk", &obj);
INSIST(result == ISC_R_SUCCESS);
- dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,
+ dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,
cfg_obj_asboolean(obj));
}
@@ -739,7 +739,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
"allow-update", ac, zone,
dns_zone_setupdateacl,
dns_zone_clearupdateacl));
-
+
updateacl = dns_zone_getupdateacl(zone);
if (updateacl != NULL && dns_acl_isinsecure(updateacl))
isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
@@ -747,7 +747,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
"zone '%s' allows updates by IP "
"address, which is insecure",
zname);
-
+
RETERR(configure_zone_ssutable(zoptions, zone));
obj = NULL;
generated by cgit v1.3 (git 2.53.0) at 2026-03-11 04:28:25 +0000